diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
index 015147d9a..93923cd8f 100644
--- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
+++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -69,7 +69,7 @@ def update_auth_header
     # Generate new client_id with existing authentication
     @client_id = nil unless @used_auth_by_token
-    if not DeviseTokenAuth.change_headers_on_each_request
+    if @used_auth_by_token and not DeviseTokenAuth.change_headers_on_each_request
       auth_header = @resource.build_auth_header(@token, @client_id)
       # update the response header
diff --git a/test/controllers/demo_user_controller_test.rb b/test/controllers/demo_user_controller_test.rb
index 364a90355..df0ad7c9a 100644
--- a/test/controllers/demo_user_controller_test.rb
+++ b/test/controllers/demo_user_controller_test.rb
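Review bot: The new guard on the `+` line uses the low-precedence keyword operators `and`/`not` inside an `if` condition, which RuboCop flags and which misparses as soon as the condition is extended with `&&`/`||` terms; write it as `if @used_auth_by_token && !DeviseTokenAuth.change_headers_on_each_request`. The condition also restates the rule already encoded by `@client_id = nil unless @used_auth_by_token` two lines above, namely that the incoming token and client id may only be reused when the request was actually authenticated by that token and not by a Warden session, but neither line says why; a comment such as `# Reuse the incoming token/client only when it authenticated this request; a session-authenticated request must not have an unproven client/token echoed back` would make the intent of the fix visible to the next reader. The `else` branch that presumably issues a fresh token, and the rest of `update_auth_header`, lie outside the hunk.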
@@ -258,11 +258,69 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         end
       end
     end
+
+    describe 'existing Warden authentication with ignored token data' do
+      before do
+        @resource = users(:second_confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+        login_as( @resource, :scope => :user)
+
+        get '/demo/members_only', {}, @auth_headers
+
+        @resp_token = response.headers['access-token']
+        @resp_client_id = response.headers['client']
+        @resp_expiry = response.headers['expiry']
+        @resp_uid = response.headers['uid']
+      end
+
+      describe 'devise mappings' do
+        it 'should define current_user' do
+          assert_equal @resource, @controller.current_user
+        end
+
+        it 'should define user_signed_in?' do
+          assert @controller.user_signed_in?
+        end
+
+        it 'should not define current_mang' do
+          refute_equal @resource, @controller.current_mang
+        end
+      end
+
+      it 'should return success status' do
+        assert_equal 200, response.status
+      end
+
+      it 'should receive new token after successful request' do
+        assert @resp_token
+      end
+
+      it 'should set the token expiry in the auth header' do
+        assert @resp_expiry
+      end
+
+      it 'should return the client id in the auth header' do
+        assert @resp_client_id
+      end
+
+      it "should not use the existing token's client" do
+        refute_equal @auth_headers['client'], @resp_client_id
+      end
+
+      it "should return the user's uid in the auth header" do
+        assert @resp_uid
+      end
+
+      it "should not return the token user's uid in the auth header" do
+        refute_equal @resp_uid, @auth_headers['uid']
+      end
+    end
   end
   describe 'Existing Warden authentication' do
     before do
-      @resource = users(:confirmed_email_user)
+      @resource = users(:second_confirmed_email_user)
       @resource.skip_confirmation!
       @resource.save!
       login_as( @resource, :scope => :user)
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 5b5a1275c..fa65e199d 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
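Review bot: The new "ignored token data" block asserts that the returned `client` and `uid` differ from the supplied `@auth_headers`, but never that the supplied `access-token` itself is not echoed back, which is exactly what the controller fix guards against; add `refute_equal @auth_headers['access-token'], @resp_token` beside the client assertion. Both `refute_equal` checks depend on `@auth_headers` being populated for a different user by a `before` that is outside the hunk, so they pass vacuously if that setup ever yields the same user; a comment on the `before` here naming that dependency would help. `refute_equal @resource, @controller.current_mang` only shows `current_mang` is not this user; if the claim is "not defined", `assert_nil @controller.current_mang` pins it. On style, `login_as( @resource, :scope => :user)` copies the old spacing and hash-rocket form; `login_as(@resource, scope: :user)` matches the rest of the new code.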
@@ -10,6 +10,17 @@ confirmed_email_user:
   updated_at: '<%= timestamp %>'
   encrypted_password: <%= User.new.send(:password_digest, 'secret123') %>
+<% @second_email = Faker::Internet.email %>
+second_confirmed_email_user:
+  uid: "<%= @second_email %>"
+  email: "<%= @second_email %>"
+  nickname: 'stimpy2'
+  provider: 'email'
+  confirmed_at: '<%= timestamp %>'
+  created_at: '<%= timestamp %>'
+  updated_at: '<%= timestamp %>'
+  encrypted_password: <%= User.new.send(:password_digest, 'secret123') %>
+
 <% @fb_email = Faker::Internet.email %>
 duplicate_email_facebook_user:
   uid: "<%= Faker::Number.number(10) %>"
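Review bot: `second_confirmed_email_user` draws its `uid` and `email` from `Faker::Internet.email` on every fixture load, and the new controller test's `refute_equal @resp_uid, @auth_headers['uid']` only holds while that value never collides with the other fixtures' addresses; Faker gives no uniqueness guarantee, so a collision would make the test flaky and, if the model enforces uid uniqueness per provider, break fixture loading. A fixed, visibly distinct address (constructed example: `second_confirmed@example.test`) or one derived from the fixture name keeps the fixture deterministic. The email source of the original `confirmed_email_user` entry is outside the hunk.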